00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029 #include "polarssl/config.h"
00030
00031 #if defined(POLARSSL_SHA1_C)
00032
00033 #include "polarssl/sha1.h"
00034
00035 #include <string.h>
00036 #include <stdio.h>
00037
00038
00039
00040
00041 #ifndef GET_ULONG_BE
00042 #define GET_ULONG_BE(n,b,i) \
00043 { \
00044 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
00045 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
00046 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
00047 | ( (unsigned long) (b)[(i) + 3] ); \
00048 }
00049 #endif
00050
00051 #ifndef PUT_ULONG_BE
00052 #define PUT_ULONG_BE(n,b,i) \
00053 { \
00054 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
00055 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
00056 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
00057 (b)[(i) + 3] = (unsigned char) ( (n) ); \
00058 }
00059 #endif
00060
00061
00062
00063
00064 void sha1_starts( sha1_context *ctx )
00065 {
00066 ctx->total[0] = 0;
00067 ctx->total[1] = 0;
00068
00069 ctx->state[0] = 0x67452301;
00070 ctx->state[1] = 0xEFCDAB89;
00071 ctx->state[2] = 0x98BADCFE;
00072 ctx->state[3] = 0x10325476;
00073 ctx->state[4] = 0xC3D2E1F0;
00074 }
00075
00076 static void sha1_process( sha1_context *ctx, unsigned char data[64] )
00077 {
00078 unsigned long temp, W[16], A, B, C, D, E;
00079
00080 GET_ULONG_BE( W[ 0], data, 0 );
00081 GET_ULONG_BE( W[ 1], data, 4 );
00082 GET_ULONG_BE( W[ 2], data, 8 );
00083 GET_ULONG_BE( W[ 3], data, 12 );
00084 GET_ULONG_BE( W[ 4], data, 16 );
00085 GET_ULONG_BE( W[ 5], data, 20 );
00086 GET_ULONG_BE( W[ 6], data, 24 );
00087 GET_ULONG_BE( W[ 7], data, 28 );
00088 GET_ULONG_BE( W[ 8], data, 32 );
00089 GET_ULONG_BE( W[ 9], data, 36 );
00090 GET_ULONG_BE( W[10], data, 40 );
00091 GET_ULONG_BE( W[11], data, 44 );
00092 GET_ULONG_BE( W[12], data, 48 );
00093 GET_ULONG_BE( W[13], data, 52 );
00094 GET_ULONG_BE( W[14], data, 56 );
00095 GET_ULONG_BE( W[15], data, 60 );
00096
00097 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
00098
00099 #define R(t) \
00100 ( \
00101 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
00102 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
00103 ( W[t & 0x0F] = S(temp,1) ) \
00104 )
00105
00106 #define P(a,b,c,d,e,x) \
00107 { \
00108 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
00109 }
00110
00111 A = ctx->state[0];
00112 B = ctx->state[1];
00113 C = ctx->state[2];
00114 D = ctx->state[3];
00115 E = ctx->state[4];
00116
00117 #define F(x,y,z) (z ^ (x & (y ^ z)))
00118 #define K 0x5A827999
00119
00120 P( A, B, C, D, E, W[0] );
00121 P( E, A, B, C, D, W[1] );
00122 P( D, E, A, B, C, W[2] );
00123 P( C, D, E, A, B, W[3] );
00124 P( B, C, D, E, A, W[4] );
00125 P( A, B, C, D, E, W[5] );
00126 P( E, A, B, C, D, W[6] );
00127 P( D, E, A, B, C, W[7] );
00128 P( C, D, E, A, B, W[8] );
00129 P( B, C, D, E, A, W[9] );
00130 P( A, B, C, D, E, W[10] );
00131 P( E, A, B, C, D, W[11] );
00132 P( D, E, A, B, C, W[12] );
00133 P( C, D, E, A, B, W[13] );
00134 P( B, C, D, E, A, W[14] );
00135 P( A, B, C, D, E, W[15] );
00136 P( E, A, B, C, D, R(16) );
00137 P( D, E, A, B, C, R(17) );
00138 P( C, D, E, A, B, R(18) );
00139 P( B, C, D, E, A, R(19) );
00140
00141 #undef K
00142 #undef F
00143
00144 #define F(x,y,z) (x ^ y ^ z)
00145 #define K 0x6ED9EBA1
00146
00147 P( A, B, C, D, E, R(20) );
00148 P( E, A, B, C, D, R(21) );
00149 P( D, E, A, B, C, R(22) );
00150 P( C, D, E, A, B, R(23) );
00151 P( B, C, D, E, A, R(24) );
00152 P( A, B, C, D, E, R(25) );
00153 P( E, A, B, C, D, R(26) );
00154 P( D, E, A, B, C, R(27) );
00155 P( C, D, E, A, B, R(28) );
00156 P( B, C, D, E, A, R(29) );
00157 P( A, B, C, D, E, R(30) );
00158 P( E, A, B, C, D, R(31) );
00159 P( D, E, A, B, C, R(32) );
00160 P( C, D, E, A, B, R(33) );
00161 P( B, C, D, E, A, R(34) );
00162 P( A, B, C, D, E, R(35) );
00163 P( E, A, B, C, D, R(36) );
00164 P( D, E, A, B, C, R(37) );
00165 P( C, D, E, A, B, R(38) );
00166 P( B, C, D, E, A, R(39) );
00167
00168 #undef K
00169 #undef F
00170
00171 #define F(x,y,z) ((x & y) | (z & (x | y)))
00172 #define K 0x8F1BBCDC
00173
00174 P( A, B, C, D, E, R(40) );
00175 P( E, A, B, C, D, R(41) );
00176 P( D, E, A, B, C, R(42) );
00177 P( C, D, E, A, B, R(43) );
00178 P( B, C, D, E, A, R(44) );
00179 P( A, B, C, D, E, R(45) );
00180 P( E, A, B, C, D, R(46) );
00181 P( D, E, A, B, C, R(47) );
00182 P( C, D, E, A, B, R(48) );
00183 P( B, C, D, E, A, R(49) );
00184 P( A, B, C, D, E, R(50) );
00185 P( E, A, B, C, D, R(51) );
00186 P( D, E, A, B, C, R(52) );
00187 P( C, D, E, A, B, R(53) );
00188 P( B, C, D, E, A, R(54) );
00189 P( A, B, C, D, E, R(55) );
00190 P( E, A, B, C, D, R(56) );
00191 P( D, E, A, B, C, R(57) );
00192 P( C, D, E, A, B, R(58) );
00193 P( B, C, D, E, A, R(59) );
00194
00195 #undef K
00196 #undef F
00197
00198 #define F(x,y,z) (x ^ y ^ z)
00199 #define K 0xCA62C1D6
00200
00201 P( A, B, C, D, E, R(60) );
00202 P( E, A, B, C, D, R(61) );
00203 P( D, E, A, B, C, R(62) );
00204 P( C, D, E, A, B, R(63) );
00205 P( B, C, D, E, A, R(64) );
00206 P( A, B, C, D, E, R(65) );
00207 P( E, A, B, C, D, R(66) );
00208 P( D, E, A, B, C, R(67) );
00209 P( C, D, E, A, B, R(68) );
00210 P( B, C, D, E, A, R(69) );
00211 P( A, B, C, D, E, R(70) );
00212 P( E, A, B, C, D, R(71) );
00213 P( D, E, A, B, C, R(72) );
00214 P( C, D, E, A, B, R(73) );
00215 P( B, C, D, E, A, R(74) );
00216 P( A, B, C, D, E, R(75) );
00217 P( E, A, B, C, D, R(76) );
00218 P( D, E, A, B, C, R(77) );
00219 P( C, D, E, A, B, R(78) );
00220 P( B, C, D, E, A, R(79) );
00221
00222 #undef K
00223 #undef F
00224
00225 ctx->state[0] += A;
00226 ctx->state[1] += B;
00227 ctx->state[2] += C;
00228 ctx->state[3] += D;
00229 ctx->state[4] += E;
00230 }
00231
00232
00233
00234
00235 void sha1_update( sha1_context *ctx, unsigned char *input, int ilen )
00236 {
00237 int fill;
00238 unsigned long left;
00239
00240 if( ilen <= 0 )
00241 return;
00242
00243 left = ctx->total[0] & 0x3F;
00244 fill = 64 - left;
00245
00246 ctx->total[0] += ilen;
00247 ctx->total[0] &= 0xFFFFFFFF;
00248
00249 if( ctx->total[0] < (unsigned long) ilen )
00250 ctx->total[1]++;
00251
00252 if( left && ilen >= fill )
00253 {
00254 memcpy( (void *) (ctx->buffer + left),
00255 (void *) input, fill );
00256 sha1_process( ctx, ctx->buffer );
00257 input += fill;
00258 ilen -= fill;
00259 left = 0;
00260 }
00261
00262 while( ilen >= 64 )
00263 {
00264 sha1_process( ctx, input );
00265 input += 64;
00266 ilen -= 64;
00267 }
00268
00269 if( ilen > 0 )
00270 {
00271 memcpy( (void *) (ctx->buffer + left),
00272 (void *) input, ilen );
00273 }
00274 }
00275
00276 static const unsigned char sha1_padding[64] =
00277 {
00278 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00279 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00280 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00281 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
00282 };
00283
00284
00285
00286
00287 void sha1_finish( sha1_context *ctx, unsigned char output[20] )
00288 {
00289 unsigned long last, padn;
00290 unsigned long high, low;
00291 unsigned char msglen[8];
00292
00293 high = ( ctx->total[0] >> 29 )
00294 | ( ctx->total[1] << 3 );
00295 low = ( ctx->total[0] << 3 );
00296
00297 PUT_ULONG_BE( high, msglen, 0 );
00298 PUT_ULONG_BE( low, msglen, 4 );
00299
00300 last = ctx->total[0] & 0x3F;
00301 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
00302
00303 sha1_update( ctx, (unsigned char *) sha1_padding, padn );
00304 sha1_update( ctx, msglen, 8 );
00305
00306 PUT_ULONG_BE( ctx->state[0], output, 0 );
00307 PUT_ULONG_BE( ctx->state[1], output, 4 );
00308 PUT_ULONG_BE( ctx->state[2], output, 8 );
00309 PUT_ULONG_BE( ctx->state[3], output, 12 );
00310 PUT_ULONG_BE( ctx->state[4], output, 16 );
00311 }
00312
00313
00314
00315
00316 void sha1( unsigned char *input, int ilen, unsigned char output[20] )
00317 {
00318 sha1_context ctx;
00319
00320 sha1_starts( &ctx );
00321 sha1_update( &ctx, input, ilen );
00322 sha1_finish( &ctx, output );
00323
00324 memset( &ctx, 0, sizeof( sha1_context ) );
00325 }
00326
00327
00328
00329
00330 int sha1_file( char *path, unsigned char output[20] )
00331 {
00332 FILE *f;
00333 size_t n;
00334 sha1_context ctx;
00335 unsigned char buf[1024];
00336
00337 if( ( f = fopen( path, "rb" ) ) == NULL )
00338 return( 1 );
00339
00340 sha1_starts( &ctx );
00341
00342 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
00343 sha1_update( &ctx, buf, (int) n );
00344
00345 sha1_finish( &ctx, output );
00346
00347 memset( &ctx, 0, sizeof( sha1_context ) );
00348
00349 if( ferror( f ) != 0 )
00350 {
00351 fclose( f );
00352 return( 2 );
00353 }
00354
00355 fclose( f );
00356 return( 0 );
00357 }
00358
00359
00360
00361
00362 void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen )
00363 {
00364 int i;
00365 unsigned char sum[20];
00366
00367 if( keylen > 64 )
00368 {
00369 sha1( key, keylen, sum );
00370 keylen = 20;
00371 key = sum;
00372 }
00373
00374 memset( ctx->ipad, 0x36, 64 );
00375 memset( ctx->opad, 0x5C, 64 );
00376
00377 for( i = 0; i < keylen; i++ )
00378 {
00379 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
00380 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
00381 }
00382
00383 sha1_starts( ctx );
00384 sha1_update( ctx, ctx->ipad, 64 );
00385
00386 memset( sum, 0, sizeof( sum ) );
00387 }
00388
00389
00390
00391
00392 void sha1_hmac_update( sha1_context *ctx, unsigned char *input, int ilen )
00393 {
00394 sha1_update( ctx, input, ilen );
00395 }
00396
00397
00398
00399
00400 void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
00401 {
00402 unsigned char tmpbuf[20];
00403
00404 sha1_finish( ctx, tmpbuf );
00405 sha1_starts( ctx );
00406 sha1_update( ctx, ctx->opad, 64 );
00407 sha1_update( ctx, tmpbuf, 20 );
00408 sha1_finish( ctx, output );
00409
00410 memset( tmpbuf, 0, sizeof( tmpbuf ) );
00411 }
00412
00413
00414
00415
00416 void sha1_hmac( unsigned char *key, int keylen,
00417 unsigned char *input, int ilen,
00418 unsigned char output[20] )
00419 {
00420 sha1_context ctx;
00421
00422 sha1_hmac_starts( &ctx, key, keylen );
00423 sha1_hmac_update( &ctx, input, ilen );
00424 sha1_hmac_finish( &ctx, output );
00425
00426 memset( &ctx, 0, sizeof( sha1_context ) );
00427 }
00428
00429 #if defined(POLARSSL_SELF_TEST)
00430
00431
00432
00433 static unsigned char sha1_test_buf[3][57] =
00434 {
00435 { "abc" },
00436 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
00437 { "" }
00438 };
00439
00440 static const int sha1_test_buflen[3] =
00441 {
00442 3, 56, 1000
00443 };
00444
00445 static const unsigned char sha1_test_sum[3][20] =
00446 {
00447 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
00448 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
00449 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
00450 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
00451 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
00452 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
00453 };
00454
00455
00456
00457
00458 static unsigned char sha1_hmac_test_key[7][26] =
00459 {
00460 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
00461 "\x0B\x0B\x0B\x0B" },
00462 { "Jefe" },
00463 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
00464 "\xAA\xAA\xAA\xAA" },
00465 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
00466 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
00467 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
00468 "\x0C\x0C\x0C\x0C" },
00469 { "" },
00470 { "" }
00471 };
00472
00473 static const int sha1_hmac_test_keylen[7] =
00474 {
00475 20, 4, 20, 25, 20, 80, 80
00476 };
00477
00478 static unsigned char sha1_hmac_test_buf[7][74] =
00479 {
00480 { "Hi There" },
00481 { "what do ya want for nothing?" },
00482 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00483 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00484 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00485 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00486 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
00487 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00488 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00489 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00490 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00491 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
00492 { "Test With Truncation" },
00493 { "Test Using Larger Than Block-Size Key - Hash Key First" },
00494 { "Test Using Larger Than Block-Size Key and Larger"
00495 " Than One Block-Size Data" }
00496 };
00497
00498 static const int sha1_hmac_test_buflen[7] =
00499 {
00500 8, 28, 50, 50, 20, 54, 73
00501 };
00502
00503 static const unsigned char sha1_hmac_test_sum[7][20] =
00504 {
00505 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
00506 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
00507 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
00508 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
00509 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
00510 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
00511 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
00512 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
00513 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
00514 0x7B, 0xE1 },
00515 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
00516 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
00517 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
00518 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
00519 };
00520
00521
00522
00523
00524 int sha1_self_test( int verbose )
00525 {
00526 int i, j, buflen;
00527 unsigned char buf[1024];
00528 unsigned char sha1sum[20];
00529 sha1_context ctx;
00530
00531
00532
00533
00534 for( i = 0; i < 3; i++ )
00535 {
00536 if( verbose != 0 )
00537 printf( " SHA-1 test #%d: ", i + 1 );
00538
00539 sha1_starts( &ctx );
00540
00541 if( i == 2 )
00542 {
00543 memset( buf, 'a', buflen = 1000 );
00544
00545 for( j = 0; j < 1000; j++ )
00546 sha1_update( &ctx, buf, buflen );
00547 }
00548 else
00549 sha1_update( &ctx, sha1_test_buf[i],
00550 sha1_test_buflen[i] );
00551
00552 sha1_finish( &ctx, sha1sum );
00553
00554 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
00555 {
00556 if( verbose != 0 )
00557 printf( "failed\n" );
00558
00559 return( 1 );
00560 }
00561
00562 if( verbose != 0 )
00563 printf( "passed\n" );
00564 }
00565
00566 if( verbose != 0 )
00567 printf( "\n" );
00568
00569 for( i = 0; i < 7; i++ )
00570 {
00571 if( verbose != 0 )
00572 printf( " HMAC-SHA-1 test #%d: ", i + 1 );
00573
00574 if( i == 5 || i == 6 )
00575 {
00576 memset( buf, '\xAA', buflen = 80 );
00577 sha1_hmac_starts( &ctx, buf, buflen );
00578 }
00579 else
00580 sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
00581 sha1_hmac_test_keylen[i] );
00582
00583 sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
00584 sha1_hmac_test_buflen[i] );
00585
00586 sha1_hmac_finish( &ctx, sha1sum );
00587
00588 buflen = ( i == 4 ) ? 12 : 20;
00589
00590 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
00591 {
00592 if( verbose != 0 )
00593 printf( "failed\n" );
00594
00595 return( 1 );
00596 }
00597
00598 if( verbose != 0 )
00599 printf( "passed\n" );
00600 }
00601
00602 if( verbose != 0 )
00603 printf( "\n" );
00604
00605 return( 0 );
00606 }
00607
00608 #endif
00609
00610 #endif